公开(公告)号：US20090205044A1

公开(公告)日：2009-08-13

申请号：US12027761

申请日：2008-02-07

Applicant: David Carroll Challener ,  Howard Locker ,  Philip John Jakes ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Howard Locker ,  Philip John Jakes ,  Randall Scott Springfield

IPC: G06F11/00

CPC classification number: G06F21/552

Abstract: An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module.

Abstract translation: 公开了用于安全硬盘签名审核的装置，系统和方法。 该装置设置有多个模块，其被配置为在功能上执行监视与被审计系统的交互的必要步骤，检测与可审计交互相对应的中断事件，以及响应于中断事件记录可审计交互的审计记录， 其中审计记录被记录在部分可安全的硬盘的访问受限的部分中。 所述实施例中的这些模块包括门模块，检测模块和测井模块。

公开(公告)号：US20090070598A1

公开(公告)日：2009-03-12

申请号：US11852418

申请日：2007-09-10

Applicant: Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F12/14

CPC classification number: G06F21/575

Abstract: A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs.

Abstract translation: 提供了一种系统，方法和程序产品，其通过生成和存储随机数来初始化存储在TPM中的预期PCR，将随机数的种子预期PCR输入到一个散列算法中，从而产生一组 散列值，使用该组散列值更新预期PCR，并将预期PCR保存在由TPM保护的非易失性数据区域中。 在重新启动时，从非易失性数据区域检索随机数，用检索的随机数种子PCR，将启动代码处理输入到散列算法处理，得到另一组散列值，使用所得到的更新PCR 响应于与预期PCR相同的PCR来解密加密数据对象。

公开(公告)号：US07484241B2

公开(公告)日：2009-01-27

申请号：US10994620

申请日：2004-11-22

Applicant: David Carroll Challener ,  Steven Dale Goodman ,  James Patrick Hoff ,  David Rivera ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Steven Dale Goodman ,  James Patrick Hoff ,  David Rivera ,  Randall Scott Springfield

IPC: G06F7/04 ,  H04L9/32

CPC classification number: G06F21/41

Abstract: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.

Abstract translation: 公开了仅使用开机密码的安全单点登录到操作系统的方法和布置。 在许多实施例中，修改的BIOS代码提示，接收和验证开机密码。 开机密码被散列并存储在可信平台模块的平台配置寄存器中。 在设置模式下，可信平台模块使用散列开机密码对操作系统密码进行加密。 在登录模式下，可信平台模块使用散列开机密码解密操作系统密码。

公开(公告)号：US07480265B2

公开(公告)日：2009-01-20

申请号：US10727004

申请日：2003-12-03

Applicant: Daryl Carvis Cromer ,  Philip John Jakes ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Philip John Jakes ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G08C17/00 ,  H04B1/16

CPC classification number: H04L12/12 ,  H04W52/0225 ,  H04W84/12 ,  Y02D70/142 ,  Y02D70/144

Abstract: A system and method for autonomic extensions to wake on LAN are presented. An access point detects wake on LAN (WOL) requests that are targeted for unassociated clients. When the access point detects a WOL request for an unassociated client, the access point stores the WOL request in a table for a predefined amount of time. A client queries the access point periodically to see if the access point is storing a WOL request which is targeted for the client. When the access point receives the query, the access point compares the client's identifier, such as its MAC address, with targeted client identifiers corresponding to pending WOL requests. When the access point detects a match, the access point sends the WOL request to the client for the client to process.

Abstract translation: 提出了一种用于局域网唤醒的自主扩展的系统和方法。 接入点检测针对非关联客户机的唤醒唤醒（WOL）请求。 当接入点检测到无关联客户端的WOL请求时，接入点将WOL请求存储在表中预定义的时间量。 客户端定期查询接入点，查看接入点是否正在存储针对客户端的WOL请求。 当接入点接收到查询时，接入点将客户端的标识符（例如其MAC地址）与对应于待处理的WOL请求的目标客户端标识进行比较。 当接入点检测到匹配时，接入点将发送WOL请求给客户端进行处理。

公开(公告)号：US20080301675A1

公开(公告)日：2008-12-04

申请号：US11755130

申请日：2007-05-30

Applicant: Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield ,  Jennifer Greenwood Zawacki

Inventor： Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield ,  Jennifer Greenwood Zawacki

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F3/1438

Abstract: A hypervisor operating system instantiates a virtual video driver to a main operating system that supports only one type of graphics adapter. The virtual driver handles graphics remapping among plural different display drivers associated with plural different display monitors to enable a computer to output data on multiple different monitors even though the main O.S. supports only one type of display driver.

Abstract translation: 虚拟机管理程序操作系统将虚拟视频驱动程序实例化为仅支持一种图形适配器的主操作系统。 虚拟驱动器处理与多个不同显示监视器相关联的多个不同显示驱动器之间的图形重新映射，以使得计算机能够在多个不同显示器上输出数据，即使主O.S. 仅支持一种显示驱动程序。

公开(公告)号：US20080184025A1

公开(公告)日：2008-07-31

申请号：US12058696

申请日：2008-03-29

Applicant: Richard Alan Dayan ,  Joseph Wayne Freeman ,  William Fred Keown ,  Randall Scott Springfield

Inventor： Richard Alan Dayan ,  Joseph Wayne Freeman ,  William Fred Keown ,  Randall Scott Springfield

IPC: G06F15/177

CPC classification number: G06F9/4406 ,  G06F11/1417 ,  G06F11/1441

Abstract: A system, computer program product and method for booting to a partition in a non-volatile storage unit without a local operator. In one embodiment, one or more bits in a BOOT register may be set by an operating system indicating if the BIOS should boot to the partition. The BIOS may then read the BOOT register to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition. In another embodiment, a network interface card may insert directive information received from a packet in a register within the network interface card. The BIOS may then read the register within the network interface card to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition.

Abstract translation: 用于在没有本地操作者的情况下引导到非易失性存储单元中的分区的系统，计算机程序产品和方法。 在一个实施例中，BOOT寄存器中的一个或多个位可以由操作系统设置，指示是否BIOS应该引导到分区。 然后，BIOS可以读取BOOT寄存器，以确定BIOS是否要引导到分区，以及BIOS是否要引导到分区时执行的任何活动。 在另一个实施例中，网络接口卡可以将从分组接收的指令信息插入网络接口卡内的寄存器中。 然后，BIOS可以读取网络接口卡内的寄存器，以确定BIOS是否要引导到分区，以及BIOS要启动到分区的任何活动。

公开(公告)号：US20080133905A1

公开(公告)日：2008-06-05

申请号：US11565452

申请日：2006-11-30

Applicant: David Carroll Challener ,  Seiichi Kawano ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Seiichi Kawano ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: H04L9/32

CPC classification number: H04L9/0822 ,  H04L9/3226

Abstract: An apparatus, system, and method are disclosed for remotely accessing a shared password. A storage module stores identifiers, passwords, and keys within a secure key structure of a client. The passwords and keys include a shared password encrypted with a shared password key that is encrypted with a service structure key. The storage module also stores the service structure key encrypted with a key derived from a service password on a trusted server. An input/output module accesses the trusted server from the client with a prospective service password and receives the encrypted service structure key from the trusted server if a hash of the prospective service password is equivalent to the service password. An encryption module may decrypt the service structure key with the prospective service password, the shared password key with the service structure key, and the shared password with the shared password key.

Abstract translation: 公开了用于远程访问共享密码的装置，系统和方法。 存储模块在客户端的安全密钥结构内存储标识符，密码和密钥。 密码和密钥包括使用通过服务结构密钥加密的共享密码密钥加密的共享密码。 存储模块还将在服务密码上导出的密钥加密的服务结构密钥存储在可信服务器上。 输入/输出模块从客户端接收可信服务密码，如果预期服务密码的散列等于服务密码，则从可信服务器接收加密的服务结构密钥。 加密模块可以利用预期服务密码，具有服务结构密钥的共享密码密钥和具有共享密码密钥的共享密码对服务结构密钥进行解密。

公开(公告)号：US07366888B2

公开(公告)日：2008-04-29

申请号：US09876426

申请日：2001-06-07

Applicant: Richard Alan Dayan ,  Joseph Wayne Freeman ,  William Fred Keown, Jr. ,  Randall Scott Springfield

Inventor： Richard Alan Dayan ,  Joseph Wayne Freeman ,  William Fred Keown, Jr. ,  Randall Scott Springfield

IPC: G06F15/177

CPC classification number: G06F9/4406 ,  G06F11/1417 ,  G06F11/1441

Abstract: A system, computer program product and method for booting to a partition in a non-volatile storage unit without a local operator. In one embodiment, one or more bits in a BOOT register may be set by an operating system indicating if the BIOS should boot to the partition. The BIOS may then read the BOOT register to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition. In another embodiment, a network interface card may insert directive information received from a packet in a register within the network interface card. The BIOS may then read the register within the network interface card to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition.

Abstract translation: 用于在没有本地操作者的情况下引导到非易失性存储单元中的分区的系统，计算机程序产品和方法。 在一个实施例中，BOOT寄存器中的一个或多个位可以由操作系统设置，指示是否BIOS应该引导到分区。 然后，BIOS可以读取BOOT寄存器，以确定BIOS是否要引导到分区，以及BIOS是否要引导到分区时执行的任何活动。 在另一个实施例中，网络接口卡可以将从分组接收的指令信息插入网络接口卡内的寄存器中。 然后，BIOS可以读取网络接口卡内的寄存器，以确定BIOS是否要引导到分区，以及BIOS要启动到分区的任何活动。

公开(公告)号：US07281125B2

公开(公告)日：2007-10-09

申请号：US09940155

申请日：2001-08-24

Applicant: David Carroll Challener ,  Steven Dale Goodman ,  David Robert Safford ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Steven Dale Goodman ,  David Robert Safford ,  Randall Scott Springfield

IPC: H04L29/00

CPC classification number: G06F21/572 ,  G06F21/575 ,  G06F21/62

Abstract: A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.

Abstract translation: 一种用于保护可变数据的方法，计算机程序产品和计算机系统。 远程管理的计算机可能配备有只能通过BIOS代码访问的受保护存储。 受保护的存储器可以具有存储对称加密密钥的能力。 通常包含BIOS代码的EEPROM可用于存储可访问的配置数据以及远程不可访问的敏感访问信息（例如，密码）。 远程不可访问的敏感数据通过BIOS代码用对称加密密钥加密。 通过安全通道提交给BIOS代码的更改请求，可以远程访问敏感数据。 然后，BIOS代码确定请求是否有效。 如果是这样，那么敏感数据将被解密，更改，加密并重新写入EEPROM。 对可访问数据的正常访问不受影响，并且允许远程访问，而无需更改计算机系统架构。

公开(公告)号：US07254722B2

公开(公告)日：2007-08-07

申请号：US10411415

申请日：2003-04-10

Applicant: Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

Inventor： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F1/28

CPC classification number: G06F21/57 ,  G06F21/575 ,  H05K1/181

Abstract: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.

Abstract translation: 提供了一种用于计算机系统的主板，其提供可信赖的平台，通过该平台可以以更高级别的信任和置信度执行操作。 主板的信任基础由加密协处理器和与加密协处理器接口的代码建立，并为平台建立信任度量的根源。 构建加密协处理器，使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于主板上核心芯片组中寄存器的状态，推理确定物理存在。